
Daniel Fernández Garrido

1 year ago

in Transparent encryption with Hibernate on Thinking inside a bigger box
Hello Johannes,

About short data types - yes, they could be easier to brute force, but only if we didn't generate the encryption key with enough strength. In PBE, if we follow the RSA standards (and jasypt does), for generating the encryption key, a (preferably random) salt is added to the password, and then a hash function is applied to it a number of times (iteration count).

The addition of a random salt, and the application of a hash function many times (RSA recommends at least 1,000), add important strength to the resulting encryption key (it is the same process as described in "Encrypting Passwords" on the jasypt website http://www.jasypt.org/encrypting-passwords.html), and, among other desirable effects, allow the domain of the result of the encryption of a small domain like a Byte object to be much more diverse and bigger than the original domain.

That is, with a Byte object we will have 256 possible values; but once encrypted, we will have many more. (And also we will need more space to store it, of course). Brute force won't be that easy, here.

Regards,
Daniel.
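
An added illustration of the comment above, not part of Daniel's comment and not jasypt code: password-based encryption of a single Byte with a fresh random salt and 1,000 iterations, showing that the same value produces a different stored result each time. The algorithm name (a JDK built-in PBE scheme), the blob layout, the class name and the password are assumptions made for this example.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SaltedPbeByteDemo {
    // Assumption: JDK built-in PBES2 scheme, not necessarily what jasypt uses.
    static final String ALGO = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 1000; // the minimum cited in the comment
    static final SecureRandom RNG = new SecureRandom();

    static Cipher cipher(int mode, char[] pw, byte[] salt, byte[] iv) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGO).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(ALGO);
        // Salt and iteration count drive the key derivation; the IV is for AES-CBC.
        c.init(mode, key, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return c;
    }

    // Blob layout (constructed for this demo): salt(16) || iv(16) || ciphertext
    static byte[] encrypt(char[] pw, byte value) throws Exception {
        byte[] salt = new byte[16], iv = new byte[16];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, pw, salt, iv).doFinal(new byte[] {value});
        byte[] blob = new byte[32 + ct.length];
        System.arraycopy(salt, 0, blob, 0, 16);
        System.arraycopy(iv, 0, blob, 16, 16);
        System.arraycopy(ct, 0, blob, 32, ct.length);
        return blob;
    }

    static byte decrypt(char[] pw, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16);
        byte[] iv = Arrays.copyOfRange(blob, 16, 32);
        return cipher(Cipher.DECRYPT_MODE, pw, salt, iv).doFinal(blob, 32, blob.length - 32)[0];
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray(); // sample value
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < 5; i++) {
            byte[] blob = encrypt(pw, (byte) 42);
            seen.add(Base64.getEncoder().encodeToString(blob));
            if (decrypt(pw, blob) != 42) throw new AssertionError("round trip failed");
        }
        System.out.println(seen.size() + " distinct stored values for the same Byte");
    }
}
```

Because the salt and IV are stored alongside the ciphertext, the stored column must hold considerably more than the single byte of plaintext, which is the storage cost the comment mentions.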

1 year ago

in Transparent encryption with Hibernate on Thinking inside a bigger box
Hello Johannes,

If you mean adding asymmetric encryption techniques to jasypt, yes, that is in my to-do (maybe in a couple of versions). For the moment only message digests and password-based encryption are supported.

And by the way, version 1.2 of jasypt (to be released early in April) will add support for transparent hibernate encryption of: BigIntegers, BigDecimals, Bytes, Shorts, Integers, Longs, Floats, Doubles, Dates, Calendars, Booleans and byte[]'s (blobs). This way it will cover the full range of data types most frequently used for attributes of persistent entities.

Thanks for your interest.

Regards,
Daniel.

1 year ago

in Transparent encryption with Hibernate on Thinking inside a bigger box
Hello,

I found this post, four months old, doing some research on already existing things "out there" for transparent encryption.

I am the founder of the Jasypt (Java Simplified Encryption) project, which among other things, provides a hibernate integration module for doing precisely this, transparent encryption of stored data.

You can have a look at it at http://www.jasypt.org

Regards,
Daniel.